CVE-2022-48929

UNKNOWN 0.0

bpf: Fix crash due to out of bounds access into reg2btf_ids.

CVSS Score

0.0

EPSS Score

0.0%

EPSS Percentile

0th

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix crash due to out of bounds access into reg2btf_ids. When commit e6ac2450d6de ("bpf: Support bpf program calling kernel function") added kfunc support, it defined reg2btf_ids as a cheap way to translate the verifier reg type to the appropriate btf_vmlinux BTF ID, however commit c25b2ae13603 ("bpf: Replace PTR_TO_XXX_OR_NULL with PTR_TO_XXX | PTR_MAYBE_NULL") moved the __BPF_REG_TYPE_MAX from the last member of bpf_reg_type enum to after the base register types, and defined other variants using type flag composition. However, now, the direct usage of reg->type to index into reg2btf_ids may no longer fall into __BPF_REG_TYPE_MAX range, and hence lead to out of bounds access and kernel crash on dereference of bad pointer.

Vendor	linux
Product	linux
Ecosystems	Linux Kernel
Industries	Technology
Published	Aug 22, 2024
Last Updated	May 11, 2026

Stay Ahead of the Next One

Get instant alerts for linux linux

Be the first to know when new unknown vulnerabilities affecting linux linux are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

Affected Versions

Linux / Linux

8d38cde47a7e17b646401fa92d916503caa5375e < 8c39925e98d498b9531343066ef82ae39e41adae 77459bc4d5e2c6f24db845780b4d9d60cf82d06a < f0ce1bc9e0235dd7412240be493d7ea65ed9eadc c25b2ae136039ffa820c26138ed4a5e5f3ab3841 < 45ce4b4f9009102cd9f581196d480a59208690c1

Linux / Linux

5.16.11 < 5.16.12

References

NVD ↗ CVE.org ↗ EPSS Data ↗

git.kernel.org: https://git.kernel.org/stable/c/8c39925e98d498b9531343066ef82ae39e41adae git.kernel.org: https://git.kernel.org/stable/c/f0ce1bc9e0235dd7412240be493d7ea65ed9eadc git.kernel.org: https://git.kernel.org/stable/c/45ce4b4f9009102cd9f581196d480a59208690c1